Recent vulnerability scans are showing Log4j v1.2x is vulnerable against CVE-2021-44832. Is Identity Manager exposed to the JDBCAppender Vulnerability?
Release : 14.X
Component : Symantec Identity Manager
Sustaining Engineering has reviewed this vulnerability and determined that Identity Manager is not vulnerable to CVE-2021-44832. The JDBCAppender is not configured in any OOTB log4j configuration files. The Log4j configuration file is not accessible to remote hackers.
If you had declared JDBCAppender in the Log4j configuration, please comment out or remove JDBCAppender in the Log4j configuration.